Fixed double comment sanitation.
[dylansserver.git]
/
index.php
diff --git
a/index.php
b/index.php
index
88f82d2
..
485b063
100644
(file)
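--- a/index.php
+++ b/index.php
@@ -435,8 +435,8 @@ class note extends cms {
 // and a default author needs to be set
 // for no-javascript users.
 $stmt->bind_param('sss',
-htmlspecialchars($_POST['name']),
-htmlspecialchars($_POST['text']),
+$_POST['name'],
+$_POST['text'],
 $this->id);
 $stmt->execute();
 }
@@ -491,7 +491,7 @@ END_OF_NAVIGATION;
 $date_posted = $entry['date_posted'];
 $author = $entry['author'];
 $text = htmlspecialchars($entry['text']);
-$head = "<h3>$author</h3>";
+$head = "<h3>" . htmlspecialchars($author) . "</h3>";
 echo <<<END_OF_COMMENT
 <div class='comment'>
 $head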
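Review bot: With `htmlspecialchars()` removed from the `bind_param` arguments in the first hunk, the comment table now holds raw `$_POST['name']` and `$_POST['text']`, so output escaping is the only XSS defence and every reader of those columns has to apply it; the second hunk covers this one display path, and any other code that prints `author` or `text` (not visible in this diff) should be checked. The two output calls rely on the default flags, which before PHP 8.1 leave single quotes unescaped while this template uses single-quoted attributes; I would make them explicit, e.g. `$head = "<h3>" . htmlspecialchars($author, ENT_QUOTES, 'UTF-8') . "</h3>";`, assuming the page is served as UTF-8. Rows saved before this commit were presumably stored already escaped and will still render double-escaped unless they are decoded once. Both enclosing functions start and end outside the hunks.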